Revert "feat: convert the failure and success scripts to reusable act…

…ions (#855)" (#859)

This reverts commit 124921a.

.github/workflows/reuseable-snapshot-timestamp.yml

@@ -27,37 +27,37 @@ on:
         required: false
     inputs:
       snapshot_key:
-        description: "Sets the snapshotting key reference"
+        description: 'Sets the snapshotting key reference'
         required: true
         type: string
       timestamp_key:
-        description: "Sets the timestamping key reference"
+        description: 'Sets the timestamping key reference'
         required: true
         type: string
       branch:
-        description: "The branch where the staged repository is, e.g. ceremony/2022-10-18"
+        description: 'The branch where the staged repository is, e.g. ceremony/2022-10-18'
         required: true
         type: string
       repo:
-        description: "Sets the repository to perform the operation on: expects relative path to GitHub repository, for example: repository"
+        description: 'Sets the repository to perform the operation on: expects relative path to GitHub repository, for example: repository'
         required: false
         default: repository
         type: string
       provider:
-        description: "Sets the workflow identity provider"
+        description: 'Sets the workflow identity provider'
         required: true
         type: string
       service_account:
-        description: "Sets the GitHub service account authorized for keys"
+        description: 'Sets the GitHub service account authorized for keys'
         required: true
         type: string
       snapshot_timestamp:
-        description: "Enables snapshot/timestamp step. During ceremonies, you may flip this to false to allow for just a publish step."
+        description: 'Enables snapshot/timestamp step. During ceremonies, you may flip this to false to allow for just a publish step.'
         required: false
         default: true
         type: boolean
       publish:
-        description: "Enables publishing step. During ceremonies, you may flip this to false to allow for reviewing changes before publishing."
+        description: 'Enables publishing step. During ceremonies, you may flip this to false to allow for reviewing changes before publishing.'
         required: false
         default: true
         type: boolean
@@ -66,7 +66,7 @@ jobs:
   snapshot_and_timestamp:
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
+      id-token: 'write'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
@@ -83,7 +83,7 @@ jobs:
           echo "LOCAL=1" >> $GITHUB_ENV
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: '1.20'
           check-latest: true
       - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
         with:
@@ -92,7 +92,7 @@ jobs:
       - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
         id: auth
         with:
-          token_format: "access_token"
+          token_format: 'access_token'
           workload_identity_provider: ${{ inputs.provider }}
           service_account: ${{ inputs.service_account }}
           create_credentials_file: true
@@ -140,24 +140,22 @@ jobs:
     runs-on: ubuntu-latest
     needs: [snapshot_and_timestamp]
     permissions:
-      issues: "write"
+      issues: 'write'
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       ISSUE_REPOSITORY: sigstore/root-signing
     if: always() && needs.snapshot_and_timestamp.result == 'failure'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Trigger create issue
-        uses: sigstore/sigstore-probers/.github/workflows/reusable-create-issue.yml@main
-        with:
-          issue_repository: sigstore/root-signing
-          issue_type: FAILURE
+      - run: |
+          set -euo pipefail
+          ./.github/workflows/scripts/report-failure.sh
 
   if-pass:
     runs-on: ubuntu-latest
     needs: [snapshot_and_timestamp]
     permissions:
-      issues: "write"
+      issues: 'write'
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       ISSUE_REPOSITORY: sigstore/root-signing
@@ -172,8 +170,8 @@ jobs:
     needs: snapshot_and_timestamp
     runs-on: ubuntu-latest
     permissions:
-      pull-requests: "write"
-      contents: "write"
+      pull-requests: 'write'
+      contents: 'write'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
@@ -202,32 +200,28 @@ jobs:
     runs-on: ubuntu-latest
     needs: [push]
     permissions:
-      issues: "write"
+      issues: 'write'
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       ISSUE_REPOSITORY: sigstore/root-signing
     if: always() && needs.push.result == 'failure'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Trigger create issue
-        uses: sigstore/sigstore-probers/.github/workflows/reusable-create-issue.yml@main
-        with:
-          issue_repository: sigstore/root-signing
-          issue_type: FAILURE
+      - run: |
+          set -euo pipefail
+          ./.github/workflows/scripts/report-failure.sh
 
   if-push-pass:
     runs-on: ubuntu-latest
     needs: [push]
     permissions:
-      issues: "write"
+      issues: 'write'
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       ISSUE_REPOSITORY: sigstore/root-signing
     if: always() && needs.push.result == 'success'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Trigger create issue
-        uses: sigstore/sigstore-probers/.github/workflows/reusable-create-issue.yml@main
-        with:
-          issue_repository: sigstore/root-signing
-          issue_type: SUCCESS
+      - run: |
+          set -euo pipefail
+          ./.github/workflows/scripts/report-success.sh

.github/workflows/scripts/report-failure.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+#
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -euo pipefail
+
+source "./.github/workflows/scripts/e2e-utils.sh"
+
+# Gets the name of the currently running workflow file.
+# Note: this requires GITHUB_TOKEN to be set in the workflows.
+this_file() {
+    gh api -H "Accept: application/vnd.github.v3+json" "/repos/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | jq -r '.path' | cut -d '/' -f3
+}
+
+THIS_FILE=$(this_file)
+create_issue_body
+
+ISSUE_ID=$(gh -R "$ISSUE_REPOSITORY" issue list --label "bug" --state open -S "$THIS_FILE" --json number | jq '.[0]' | jq -r '.number' | jq 'select (.!=null)')
+
+if [[ -z "$ISSUE_ID" ]]; then
+    # Replace `-`` by ` `, remove the last 4 characters `.yml`. Expected: "snapshot timestamp".
+    TITLE=$(echo "$THIS_FILE" | sed -e 's/\-/ /g' | rev | cut -c5- | rev)
+    GH_TOKEN=$GITHUB_TOKEN gh -R "$ISSUE_REPOSITORY" issue create -t "[bug]: Updating workflow $TITLE" -F ./BODY --label "bug"
+else
+    GH_TOKEN=$GITHUB_TOKEN gh -R "$ISSUE_REPOSITORY" issue comment "$ISSUE_ID" -F ./BODY
+fi

.github/workflows/scripts/report-success.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Copyright 2022 The Sigstore Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eo pipefail
+
+source "./.github/workflows/scripts/e2e-utils.sh"
+
+e2e_create_issue_success_body() {
+    create_issue_body
+
+    echo "" >>./BODY
+    echo "**Tests are passing now. Closing this issue.**" >>./BODY
+
+}
+
+THIS_FILE=$(this_file)
+e2e_create_issue_success_body
+
+ISSUE_ID=$(gh -R "$ISSUE_REPOSITORY" issue list --label "bug" --state open -S "$THIS_FILE" --json number | jq '.[0]' | jq -r '.number' | jq 'select (.!=null)')
+
+if [[ -n "$ISSUE_ID" ]]; then
+    echo gh -R "$ISSUE_REPOSITORY" issue close "$ISSUE_ID" -c "$(cat ./BODY)"
+    GH_TOKEN=$TOKEN gh -R "$ISSUE_REPOSITORY" issue close "$ISSUE_ID" -c "$(cat ./BODY)"
+fi

.github/workflows/sync-main-to-preprod.yml

@@ -22,21 +22,21 @@ on:
       - main
     paths:
       # When any repository metadata is changed.
-      - "repository/repository/**"
+      - 'repository/repository/**'
   workflow_dispatch:
 
 jobs:
   sync:
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
+      id-token: 'write'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           fetch-depth: 0
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: '1.20'
           check-latest: true
       - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
         with:
@@ -45,9 +45,9 @@ jobs:
       - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
         id: auth
         with:
-          token_format: "access_token"
-          workload_identity_provider: "projects/237800849078/locations/global/workloadIdentityPools/root-signing-pool/providers/sigstore-root"
-          service_account: "sigstore-root-signing@project-rekor.iam.gserviceaccount.com"
+          token_format: 'access_token'
+          workload_identity_provider: 'projects/237800849078/locations/global/workloadIdentityPools/root-signing-pool/providers/sigstore-root'
+          service_account: 'sigstore-root-signing@project-rekor.iam.gserviceaccount.com'
           create_credentials_file: true
       - name: Login
         run: |
@@ -98,15 +98,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [sync]
     permissions:
-      issues: "write"
+      issues: 'write'
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       ISSUE_REPOSITORY: sigstore/root-signing
     if: always() && needs.sync.result == 'failure'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - name: Trigger create issue
-        uses: sigstore/sigstore-probers/.github/workflows/reusable-create-issue.yml@main
-        with:
-          issue_repository: sigstore/root-signing
-          issue_type: FAILURE
+      - run: |
+          set -euo pipefail
+          ./.github/workflows/scripts/report-failure.sh

.github/workflows/sync-main-to-staging.yml

@@ -21,29 +21,29 @@ on:
       - main
     paths:
       # When any staging repository metadata is changed.
-      - "staging/repository/**"
+      - 'staging/repository/**'
   workflow_dispatch:
 
 jobs:
   sync:
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
+      id-token: 'write'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           fetch-depth: 0
       - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
         with:
-          go-version: "1.20"
+          go-version: '1.20'
           check-latest: true
       # Setup OIDC->SA auth
       - uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
         id: auth
         with:
-          token_format: "access_token"
-          workload_identity_provider: "projects/306323169285/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider"
-          service_account: "github-actions@projectsigstore-staging.iam.gserviceaccount.com"
+          token_format: 'access_token'
+          workload_identity_provider: 'projects/306323169285/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider'
+          service_account: 'github-actions@projectsigstore-staging.iam.gserviceaccount.com'
           create_credentials_file: true
       - uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1
         with:
@@ -97,16 +97,13 @@ jobs:
     runs-on: ubuntu-latest
     needs: [sync]
     permissions:
-      issues: "write"
+      issues: 'write'
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       ISSUE_REPOSITORY: sigstore/root-signing
     if: always() && needs.sync.result == 'failure'
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-
-      - name: Trigger create issue
-        uses: sigstore/sigstore-probers/.github/workflows/reusable-create-issue.yml@main
-        with:
-          issue_repository: sigstore/root-signing
-          issue_type: FAILURE
+      - run: |
+          set -euo pipefail
+          ./.github/workflows/scripts/report-failure.sh